Make WordPress Core


Ignore:
Timestamp:
06/01/2022 06:12:25 PM (2 years ago)
Author:
SergeyBiryukov
Message:

General: Replace all esc_url_raw() calls in core with sanitize_url().

This aims to improve performance by calling sanitize_url() directly, instead of the esc_url_raw() wrapper. As of WordPress 6.1, sanitize_url() is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/class-custom-image-header.php

    r53183 r53455  
    11601160            }
    11611161
    1162             $choice['url'] = esc_url_raw( $choice['url'] );
     1162            $choice['url'] = sanitize_url( $choice['url'] );
    11631163
    11641164            $header_image_data = (object) array(
     
    11981198        }
    11991199
    1200         set_theme_mod( 'header_image', esc_url_raw( $header_image_data['url'] ) );
     1200        set_theme_mod( 'header_image', sanitize_url( $header_image_data['url'] ) );
    12011201        set_theme_mod( 'header_image_data', $header_image_data );
    12021202    }
Note: See TracChangeset for help on using the changeset viewer.